Using RFC Destinations to Switch User ID in SAP NetWeaver

Sometimes it seems that we have a situation with no appropriate solution. But the truth is that we always have a simple solution, even in the most difficult case.

At first there are some prerequisites for this article.

We have developed a new process which includes some independent steps.

At the first stage, we need to replace the responsible person, who approves decisions, when he is out of the office – while on vacation, sick leave and so on. In other words, we need to find a substitute. For this reason, our web development specialist creates the smart Fiori application, which fully meets our criteria. This app allows us to select a substitute for the responsible person and set the range of days of absence.

At the second stage, we develop OData service which provides all information for our Fiori app. This includes the development of entity sets, which operate with the data employee set and substitute set. There is no interesting information here, so we omit the details of these artifacts, since they fulfill usual routines, such as reading, creating, deleting, and updating appropriate data.

What we need to do here is to describe more precisely the process of substitution, because understanding of the full process is a key for understanding of the most interesting detail of this solution. When we try to replace one person with another, we have to change authorization objects. In other words, we have to grant the authorization to a new person. In our case these authorization objects were HR’s objects, which made our task more complicated.

So here are some steps:

Read authorization objects for our responsible person. For this purpose, we create the method which gets all roles that belong to the responsible person.

Then we read all authorization objects for our new substitute and try to calculate the difference between the sets of roles. In this step, we always know which authorization objects we must grant to the

Then we should check all new roles, because in some cases we can grant some inappropriate roles, which are outdated for this period or not suitable for these In this step, we have a clear list of roles which we grant to the substitute.

In this step, we assign new roles to the For this purpose, we create a function module

ZFM_HCM_SUBSTITUTE_ADD_ROLES which is declared as RFC function module.

This module allows us to run a background job call via the method assign_roles_via_job :

In this method, we fill all appropriate parameters and create a new variant using

CALL FUNCTION 'RS_CREATE_VARIANT'.

Then we schedule and start a new job.

But here we face a difficult situation when we cannot assign new roles for the substitute, because our background user does not have appropriate authorization to fulfil this action. In this stage of development, we cannot solve this problem. But our main architect finds a perfect solution.

This user works only in background mode and cannot work in foreground mode therefore this user cannot be used by any person without an authorization check.

After the period expires we should reassign the role of a substitute. Here we use the same method, but before this action we should determine actual (up to date) authorization roles. For this purpose, we get existing roles for the substitute, delete the roles which were granted to him before and then reassign the new set of roles.

Hope this article will be useful for you. Good luck in SAP application development!

Using RFC Destinations to Switch User ID in SAP NetWeaver2017-08-212017-08-23/wp-content/uploads/2016/10/skybuffer_logo_white-1.pngSkybufferhttps://www.skybuffer.com/wp-content/uploads/2017/08/1421.jpg200px200px